Host key verification (known_hosts) with ProxyJump/ProxyCommand
Philipp Marek
philipp at marek.priv.at
Sat Aug 19 19:38:56 AEST 2023
>> Would the UserKnownHostsFile be relative to the current working
>> directory of the `ssh` process at the time of its call, or would it
>> figure out that these files are relative to
>> /home/me/workplace/ops/eng-ssh/bigcust-config?
>
> Nope… just tried it, at this time it's relative to whatever
> directory you call `ssh` from.
>
> Which if everybody who used this directory kept it in the same
> place, wouldn't be a big issue… but since I'll bet everyone I'm
> working with keeps this repository in a different place, there is no
> "stable" path that will work for everyone. Short of getting
> everyone to set an environment variable in ~/.profile, I can't
> configure this in a seamless manner.
You could mandate people having a ~/.ssh/config-workplace.d symlink pointing
to the right place (the git checkout directory), and use that in
a (static) ~/.ssh/config file:

    Include ~/.ssh/config-workplace.d/*

That's a one-time setup cost.
Optionally you could even try hiding that in a Match block:

    Match host bigcustomer-*-bne-*
        Include ~/.ssh/config-workplace.d/*

so that only these nodes are influenced by the redirections.
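
The one-time setup described above, as an added example that is not part of the original post: it points ~/.ssh/config-workplace.d at a checkout and puts the static Include line at the top of ~/.ssh/config. The function name link_workplace_config is hypothetical, and the sketch covers the unconditional Include variant, not the Match block.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: link_workplace_config /path/to/git/checkout/ssh-config-dir
link_workplace_config() {
    src=$1
    ssh_dir="$HOME/.ssh"
    link="$ssh_dir/config-workplace.d"
    cfg="$ssh_dir/config"
    include_line='Include ~/.ssh/config-workplace.d/*'

    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    # Resolve to an absolute path so the link never depends on the
    # directory ssh (or this script) happens to be called from.
    src=$(cd "$src" && pwd -P) || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1

    # Only ever (re)point a symlink; never replace a real file or directory.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink" >&2
        return 1
    fi
    rm -f "$link"
    ln -s "$src" "$link" || return 1

    # An Include placed after a Host/Match line is only read when that block
    # matches, so prepend the line to the file instead of appending it.
    [ -f "$cfg" ] || : > "$cfg"
    if ! grep -qxF "$include_line" "$cfg"; then
        tmp=$(mktemp "$ssh_dir/config.XXXXXX") || return 1
        { printf '%s\n\n' "$include_line"; cat "$cfg"; } > "$tmp" &&
            mv "$tmp" "$cfg" || { rm -f "$tmp"; return 1; }
    fi
    chmod 600 "$cfg"
}
```

With the link in place, files in the checkout can name their known_hosts file through the ~/.ssh/config-workplace.d/ path, which is the same for everyone regardless of where the repository lives.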
More information about the openssh-unix-dev mailing list